on 05-09-2006 12:04 PM
Hi all,
I have a JSP login page (FORM authentication) that, when the user logs on, forwards to the home JSP page. There I need to get the user info.
Now I'm using this, but it doesn't work:
String user = request.getUserPrincipal().getName();
session.setAttribute("idamUser",user);
if (request.isUserInRole( "xxxx" )) .........
Could you please write me the right code to use and the library to import? Thanks a lot.
Vito
Vito,
If you are using form based authentication, is your JSP's action defined as "j_security_check" and the text fields defined as "j_username" and "j_password"?
Or maybe I misunderstood your question?
Regards,
Kiran
In login.jsp:
<FORM action='<%= response.encodeURL("j_security_check") %>' name="FRM_LOG" method="post">
<tr class="contentTop"> ............
In home.jsp:
<%@ page import="javax.servlet.http.HttpServletRequest,amis.util.*,amis.svc.user.*, amis.IDAMServer.*, java.io.*, amis.svc.cache.*" %>
<%! amis.svc.user.IAmisUser au;%>
<% au = amis.svc.user.AmisUser.getInstance(request,session);
%>
<html>
<head>
<%
String user = request.getUserPrincipal().getName();
session.setAttribute("idamUser",user);
if (request.isUserInRole( "xxxxx" )) { %>...
I use SAP FORM authentication, and the user/role is OK. I log on at login.jsp and then the browser goes to http://milds2004:50100/HKN/jsp/j_security_check and shows this error:
404 Not Found
SAP J2EE Engine/7.00
The requested resource does not exist.
Details: Go to main page of this application!
What is wrong? Thanks a lot.
Vito
Hi Bojidar,
I call the login page directly. Here is my web.xml.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<!-- Servlet for the Struts menu -->
<servlet>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<!-- Servlet for IDAM -->
<servlet>
<servlet-name>RPCServlet</servlet-name>
<display-name>RPCServlet</display-name>
<description>RPCServlet</description>
<servlet-class>amis.svc.rpc.IDAMRPCServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>BlobServlet</servlet-name>
<display-name>Blob Servlet</display-name>
<servlet-class>amis.svc.http.IdamUploadServlet</servlet-class>
</servlet>
<!-- Servlet mapping for IDAM -->
<servlet-mapping>
<servlet-name>RPCServlet</servlet-name>
<url-pattern>/RPCServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>BlobServlet</servlet-name>
<url-pattern>/BlobServlet</url-pattern>
</servlet-mapping>
<!-- Action Servlet Mapping -->
<!-- Servlet for the Struts menu -->
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>/index.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Site</web-resource-name>
<url-pattern>/index.jsp</url-pattern>
<!-- If you list http methods,
only those methods are protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method> POST </http-method>
<http-method> PUT </http-method>
</web-resource-collection>
<auth-constraint>
<role-name>testrole</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Roles Demonstration</realm-name>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/noUser.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- Define security roles -->
<security-role>
<description>The Default Role</description>
<role-name>tomcat</role-name>
</security-role>
<security-role>
<description>A Second Role (to prove a comma-delimited list works)</description>
<role-name>role1</role-name>
</security-role>
<security-role>
<description>role for access to B.O.</description>
<role-name>bo</role-name>
</security-role>
<security-role>
<description>Role for non-access to B.O.</description>
<role-name>nonbo</role-name>
</security-role>
<security-role>
<description>Administration role</description>
<role-name>administrator</role-name>
</security-role>
<security-role>
<description>Reporting role</description>
<role-name>reporting</role-name>
</security-role>
<security-role>
<description>Uploading role</description>
<role-name>uploading</role-name>
</security-role>
<security-role>
<description>Agenzia role</description>
<role-name>agenzia</role-name>
</security-role>
<security-role>
<description>Sede role</description>
<role-name>sede</role-name>
</security-role>
<security-role>
<description>Area Manager role</description>
<role-name>areamanager</role-name>
</security-role>
<security-role>
<description>Venditore role</description>
<role-name>venditore</role-name>
</security-role>
<security-role>
<description>Amministratore del sistema</description>
<role-name>admin</role-name>
</security-role>
<security-role>
<description>Utente</description>
<role-name>user</role-name>
</security-role>
<security-role>
<description>Aggiunto da Vito</description>
<role-name>Administrator</role-name>
</security-role>
<security-role>
<role-name>testrole</role-name>
</security-role>
</web-app>
Thanx,
Vito
Vito,
The principle of FORM authentication is to protect the resources: when a user requests them and is not yet authenticated, they are redirected to login.jsp. After correct authentication they are directed to the requested resource.
So it is normal to receive a 404 response if you request login.jsp directly.
As I can see from the constraint below, you declare only index.jsp as protected:
<url-pattern>/index.jsp</url-pattern>
And if you request it, you should see the login form for authentication.
Regards
Bojidar
Hi Vito,
What is wrong there? Does isUserInRole return false? If so, you may not have configured the security roles properly in the web.xml.
Regards
Bojidar